When I tried to access rgw configured with keystone integration using S3 API with a new user , It appears that the new user is still access with legacy tenant (i.e. global). Swift API works as intended.

The problem here seems to be the user auto-created by S3 API seems does not honour rgw_keystone_implicit_tenants ceph configuration, the user is created using legacy tenant format instead of tenent$user format.

Note that you need to create the EC2 credentials in openstack (openstack ec2 credentials create) to replicate this behaviour. Do not generate EC2 credentials in radowsgw-admin (radosgw-admin key create)

Well, I read the doc again, and it says "When a client application accesses buckets, it always operates with credentials of a particular user. As mentioned above, every user belongs to a tenant. Therefore, every operation has an implicit tenant in its context", so it seems still to be a bug...

Subject changed from rgw s3 API does not honor rgw_keystone_implicit_tenants when keystone integration is configured to rgw: s3 API does not honor rgw_keystone_implicit_tenants when keystone integration is configured